Pages:
Author

Topic: mgw (Read 3794 times)

legendary
Activity: 1176
Merit: 1134
mgw
March 20, 2014, 07:45:59 AM
#72
Wow!
I knew this stuff was involved, just didnt realize how much...
I'm busy revamping the code now so wont have a chance to review this for a while. All this stuff is a bit outside my area, hopefully someone with more experience can figure out the best server configs. I keep hoping...

James

P.S. Keep up the great research, having all this in one place is definitely useful!
member
Activity: 64
Merit: 10
March 20, 2014, 03:52:49 AM
#71
James,

Apologies for the length of this post – this area is completely new to me.

I don't know to what extent the security provided by Amazon Web Services (AWS), as standard or in the form of their various additional security measures, will give you what you're looking for as regards security hardened servers that are set up so that the software running on it can't be changed without some elaborate process (your 6 March post refers) or whether you'll also have to deploy a third party security tool as well.

Here's a list, from the Amazon Web Services (AWS) Marketplace (https://aws.amazon.com/marketplace) of 137 third party security tools for use with AWS (including Trend Micro's Deep Security – see previous posts):

https://aws.amazon.com/marketplace/b/2649363011/ref=gtw_navlft_node_2649363011?page=1&category=2649363011

I'll be referring to this product list and my further research to date re 3rd party security tools in a separate post.

However before deciding which third party security tool(s) may be suitable, you would first have to decide which AWS product(s) to get.

Here's the link to the official AWS product list http://aws.amazon.com/products/

However a seemingly more comprehensive AWS product list and certainly a more accessible one is here: http://en.wikipedia.org/wiki/Amazon_Web_Services

Two AWS products which I'd hazard a guess you might be interested in are:

Quote
Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides resizable compute capacity in the cloud. It is designed to make web-scale computing easier for developers.
http://aws.amazon.com/ec2/

Quote
'You can use Amazon EC2 to launch as many or as few virtual servers as you need, configure security and networking, and manage storage.'
For more info:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/concepts.html

However please note performance problems:

http://www.datadoghq.com/wp-content/uploads/2013/07/top_5_aws_ec2_performance_problems_ebook.pdf

Amazon Virtual Private Cloud (Amazon VPC)
Quote
lets you provision a logically isolated section of the Amazon Web Services (AWS) Cloud where you can launch AWS resources in a virtual network that you define. You have complete control over your virtual networking environment, including selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways.

You can easily customize the network configuration for your Amazon VPC. For example, you can create a public-facing subnet for your webservers that has access to the Internet, and place your backend systems such as databases or application servers in a private-facing subnet with no Internet access. You can leverage multiple layers of security, including security groups and network access control lists, to help control access to Amazon EC2 instances in each subnet....
http://aws.amazon.com/vpc/

So far I've only looked at AWS Amazon Web Services and their security infrastructure, as they call it.

Though AWS is currently the clear leader in the cloud computing field of Infrastructure-as-a-Service (IaaS) there are two competitors: Google and Microsoft, which it seems may also be worth looking at:
Quote

' [AWSA] clearly leads the IaaS market and by some distance. But whether developers should follow AWS largely depends on where they want to go, according to new research from Forrester. Not only does this require a choice between Platform-as-a-Service (PaaS) offerings and IaaS, but there's also real IaaS competition brewing for AWS from Microsoft and Google. ' 
11 September 2013

http://readwrite.com/2013/09/11/amazon-about-to-get-serious-competition-in-the-cloud#awesm=~oycf6gcV8YSZIO

btw since in your original post you referred to amazon [web services], I'm assuming you've decided, at least provisionally, that you want an IaaS rather than a Platform-as-a-Service (PaaS) .

A schematic showing the different elements of the 'cloud layer' for which the cloud service provider and the customer are respectively responsible depending on what service model is being used (IaaS; PaaS or Security-as-a-Service) is set out on p 4 of Trend Micro's White Paper:

http://deepsecurity.trendmicro.com/wp-system/uploads/2013/04/Trend-Micro-Best-Practices-for-Security-and-Compliance-with-Amazon-Web-Services.pdf

The 14pp Trend Micro White Paper contains:

an overview of the virtualisation security market,

describes the respective responsibilities of the cloud service provider and the customer depending on the service model (IaaS; PaaS; SaaS) and the cloud type (Public; Private or Hybrid)

Quote
simply put, there are numerous security characteristics specific to each cloud model and    cloud customer, and provider security duties differ greatly between the cloud models.
   pp 6/7

on p. 8 a set of 6 questions to ask when choosing logical [i.e. technical] controls to protect instances,

and

on pp 9 to14: 12 Steps for Secure Cloud Adoption.


A very useful summary of AWS Security can be found here: https://aws.amazon.com/security/
especially the section called: Built-in Security Features

And the following page has links to much more detailed info about the security features that AWS provides and how to stay safe in the cloud:
https://aws.amazon.com/security/security-resources/

Including links to various AWS White Papers, including these two:

56pp AWS Security Best Practices
http://media.amazonwebservices.com/AWS_Security_Best_Practices.pdf
Quote
This whitepaper is intended for existing and potential customers who are designing the security infrastructure and configuration for applications running in Amazon Web Services (AWS)
.
It provides security best practices that will help you define your Information Security Management
System (ISMS) and build a set of security policies and processes for your organization so you can protect your data and assets in the AWS Cloud.

The whitepaper also provides an overview of different security topics such as identifying, categorizing and protecting your assets on AWS, managing access to AWS resources using accounts, users and groups and suggesting ways you can secure your data, your operating systems and applications and overall infrastructure in the cloud.

60pp AWS White Paper: Overview of Security Processes
http://media.amazonwebservices.com/pdf/AWS_Security_Whitepaper.pdf

pp 9-13 Network Security

pp 15-17 AWS Account Security Features

pp17-51    AWS Service Specific Security

This white paper contains a complete list of all the security measures built into the core AWS cloud infrastructure, platforms, and services. These are provided on the basis of the Shared Responsibility Model under which the customer has the

Quote
responsibility and management of the guest operating system (including updates and security patches), other associated application software, as well as the configuration of the AWS-provided security group firewall. You should carefully consider the services you choose as your responsibilities vary depending on the services you use, the integration of those services into your IT environment and applicable laws and regulations.

It is possible for you to enhance security and/or meet more stringent compliance requirements by leveraging technology such as host-based firewalls, host-based intrusion detection/prevention, and encryption.'

Here's an extract of the security credentials page that appears when you open an AWS account –
Quote
Access to applications and services within AWS cloud is secure and protected in multiple ways. Accessing those applications and services requires the use of special credentials that are associated with your account. There are three types of credentials currently offered by AWS. If you know which security credentials you need, simply select one of the links below:
Access Credentials: Your Access Keys, X.509 Certificates, and Key Pairs
Sign-In Credentials: Your E-mail Address, Password, and AWS Multi-Factor Authentication Device
Account Identifiers: Your AWS Account ID and Canonical User ID

There's more info included on this (password protected) page but rather than set it all out here, I'll include in a separate post, unless of course you don't think that's necessary at this stage or you're already aware of it. Please let me know.

However please note that according to page 9 of the Trend Micro White Paper:

Quote
Step 1 - Put away your AWS “root” account and use IAM to enable access

An AWS account is the first entity that is created when initiating a relationship with AWS. This account is considered a “root” account and provides access to all AWS resources including billing information. it is recommended to not use this account and instead leverage the AWS IAM service to create users, groups and roles to interact with AWS.
http://deepsecurity.trendmicro.com/wp-system/uploads/2013/04/Trend-Micro-Best-Practices-for-Security-and-Compliance-with-Amazon-Web-Services.pdf


As I see it, once you've decided (at least provisionally) what AWS services you want and what additional AWS-provided security layers you want, you will then need to consider:

1. whether you want to use a 3rd party product, e.g. Trend Micro's Deep Security as-a-service, to configure 'the AWS-provided security group firewall' (as it's described on p 6 of the AWS security white paper) which I assume is the same thing which Trend Micro describe as  AWS' 'host-based security capabilities such as intrusion detection and prevention, anti-malware, and integrity monitoring '

Or whether you want to do the above configuration yourself

2. the nature and extent of the security you want for those areas of the cloud layer for which you as the customer would be responsible – under the IaaS Service Model these include: the virtual network infrastructure; the virtual machines;  guest operating system (including updates and security patches) and other associated application software; Solution Stack (Programming languages); Interfaces (APIs; GUIs) and Data

Post to follow shortly re my further research to date re 3rd party security tools.

Robert
legendary
Activity: 1176
Merit: 1134
March 12, 2014, 11:56:23 PM
#70
is it make sense to receive some nodecoin if 0 NXT is in the account that is running nodecoin software?

Im asking, Im not really sure what are the every functions of the nodecoin miner. I Tought one goal was to encourage forging.
They would need to get 1 NXT from faucet
I dont see why somebody who is running a node shouldnt get nodecoins
There is no way to enforce forging, but I try to encourage it

the password is needed so you can start forging and send AM
hero member
Activity: 715
Merit: 500
March 12, 2014, 10:37:56 PM
#69
is it make sense to receive some nodecoin if 0 NXT is in the account that is running nodecoin software?

Im asking, Im not really sure what are the every functions of the nodecoin miner. I Tought one goal was to encourage forging.
hero member
Activity: 715
Merit: 500
March 12, 2014, 10:11:38 PM
#68

git clone https://github.com/jl777/multigateway
cd multigateway
chmod +x run.sh
./run.sh
./nodeminer

When I am at the step: ./run.sh

I get:

In file included from get_dogeaddr.c:13:0:
NXTparse.h:16:23: fatal error: curl/curl.h: No such file or directory
compilation terminated.
In file included from nodeminer.c:19:0:
NXTparse.h:16:23: fatal error: curl/curl.h: No such file or directory
compilation terminated.

I don't know what to do. Any help?

Got it. need to run before (only first time) :
sudo apt-get install curl libcurl3 libcurl3-dev php5-curl
hero member
Activity: 715
Merit: 500
March 12, 2014, 07:47:13 PM
#67

git clone https://github.com/jl777/multigateway
cd multigateway
chmod +x run.sh
./run.sh
./nodeminer

When I am at the step: ./run.sh

I get:

In file included from get_dogeaddr.c:13:0:
NXTparse.h:16:23: fatal error: curl/curl.h: No such file or directory
compilation terminated.
In file included from nodeminer.c:19:0:
NXTparse.h:16:23: fatal error: curl/curl.h: No such file or directory
compilation terminated.

I don't know what to do. Any help?
hero member
Activity: 715
Merit: 500
March 12, 2014, 03:47:53 PM
#66
Can someone really pound on nodeminer? I was expecting some bugs, a server crash, something.
Maybe I offer some bounty for bugs, but it is so young, it shouldnt be hard to find bugs.
Free nodecoins if you can hack the "mining" algo

James
How to set it up?
It is for testnet the following is how to get it compiled and running from command line

git clone https://github.com/jl777/multigateway
cd multigateway
chmod +x run.sh
./run.sh
./nodeminer

Is the passphrase really necessary? Why it is needed?
Thx. Im installing a vm ware machine with unbuntu. I'll try to install nodecoin, not sure I'll get it working. It would be really nice if windows was also support by default.
hero member
Activity: 784
Merit: 500
March 12, 2014, 07:55:58 AM
#65
Can someone really pound on nodeminer? I was expecting some bugs, a server crash, something.
Maybe I offer some bounty for bugs, but it is so young, it shouldnt be hard to find bugs.
Free nodecoins if you can hack the "mining" algo

James
How to set it up?
It is for testnet the following is how to get it compiled and running from command line

git clone https://github.com/jl777/multigateway
cd multigateway
chmod +x run.sh
./run.sh
./nodeminer

this is for linux, right? How to use it on windows?
I dont know how to use windows, but from commandline probably pretty close. You need to ask someone that knows
damelon got a big investor/company that will need AE based coin, so we have to make sure it is solid

That´s why we need a manual for windows, so we can get more testers on board.
legendary
Activity: 1176
Merit: 1134
March 12, 2014, 07:47:53 AM
#64
Can someone really pound on nodeminer? I was expecting some bugs, a server crash, something.
Maybe I offer some bounty for bugs, but it is so young, it shouldnt be hard to find bugs.
Free nodecoins if you can hack the "mining" algo

James
How to set it up?
It is for testnet the following is how to get it compiled and running from command line

git clone https://github.com/jl777/multigateway
cd multigateway
chmod +x run.sh
./run.sh
./nodeminer

this is for linux, right? How to use it on windows?
I dont know how to use windows, but from commandline probably pretty close. You need to ask someone that knows
damelon got a big investor/company that will need AE based coin, so we have to make sure it is solid
hero member
Activity: 784
Merit: 500
March 12, 2014, 07:45:13 AM
#63
Can someone really pound on nodeminer? I was expecting some bugs, a server crash, something.
Maybe I offer some bounty for bugs, but it is so young, it shouldnt be hard to find bugs.
Free nodecoins if you can hack the "mining" algo

James
How to set it up?
It is for testnet the following is how to get it compiled and running from command line

git clone https://github.com/jl777/multigateway
cd multigateway
chmod +x run.sh
./run.sh
./nodeminer

this is for linux, right? How to use it on windows?
hero member
Activity: 784
Merit: 500
March 12, 2014, 07:44:46 AM
#62
i got near hundred transactions about account 18232225178877143084

found a bug on Asset Exchange., and there are so many untested cases . Embarrassed

After asset tests, i will go to nodeminer.

Thank you very much for your efforts!
full member
Activity: 236
Merit: 100
March 11, 2014, 11:38:16 PM
#61
i got near hundred transactions about account 18232225178877143084

found a bug on Asset Exchange., and there are so many untested cases . Embarrassed

After asset tests, i will go to nodeminer.
legendary
Activity: 1176
Merit: 1134
March 11, 2014, 09:11:50 PM
#60
Can someone really pound on nodeminer? I was expecting some bugs, a server crash, something.
Maybe I offer some bounty for bugs, but it is so young, it shouldnt be hard to find bugs.
Free nodecoins if you can hack the "mining" algo

James
How to set it up?
It is for testnet the following is how to get it compiled and running from command line

git clone https://github.com/jl777/multigateway
cd multigateway
chmod +x run.sh
./run.sh
./nodeminer
hero member
Activity: 784
Merit: 500
March 11, 2014, 06:47:54 PM
#59
Can someone really pound on nodeminer? I was expecting some bugs, a server crash, something.
Maybe I offer some bounty for bugs, but it is so young, it shouldnt be hard to find bugs.
Free nodecoins if you can hack the "mining" algo

James
How to set it up?
legendary
Activity: 1176
Merit: 1134
March 11, 2014, 12:02:49 PM
#58
Can someone really pound on nodeminer? I was expecting some bugs, a server crash, something.
Maybe I offer some bounty for bugs, but it is so young, it shouldnt be hard to find bugs.
Free nodecoins if you can hack the "mining" algo

James
sr. member
Activity: 294
Merit: 260
March 10, 2014, 01:08:28 PM
#57
Thanks for the heads up. Will this also display gateway AM transactions? It sounds like that is the main piece that jl777 wants. No use in me duplicating efforts here. I will keep my eyes peeled for other pieces to work on.

It will display all AM transactions. You can search inside the transaction message, so yes, you'll be able to filter them to see only gateway transactions.
newbie
Activity: 31
Merit: 0
March 10, 2014, 12:04:12 PM
#56
I am going to give a basic transaction explorer a go.  jl777 can you elaborate a bit more as to what you want here?

I'm building a block explorer already, which I'm going to release in about a week or so. It will show messages, aliases and assets and the user will be able to search on everything as well.

I'm not saying this to discourage you from building your own, I just thought you should know. In any case, the more choices the better.

Thanks for the heads up. Will this also display gateway AM transactions? It sounds like that is the main piece that jl777 wants. No use in me duplicating efforts here. I will keep my eyes peeled for other pieces to work on.
sr. member
Activity: 294
Merit: 260
March 10, 2014, 08:13:45 AM
#55
I am going to give a basic transaction explorer a go.  jl777 can you elaborate a bit more as to what you want here?

I'm building a block explorer already, which I'm going to release in about a week or so. It will show messages, aliases and assets and the user will be able to search on everything as well.

I'm not saying this to discourage you from building your own, I just thought you should know. In any case, the more choices the better.
legendary
Activity: 1176
Merit: 1134
March 09, 2014, 10:21:39 PM
#54
I am going to give a basic transaction explorer a go.  jl777 can you elaborate a bit more as to what you want here?

Do you want a service that just lists every AE transaction, or do you want something takes an account number and lists all AE transactions for that user? I was reading through the API a bit today, and it looks fairly straightforward, so hopefully I can make some progress on it this week. I will probably start out by just making this a main prog, and then worry about making it a web service after.


While it would be nice to have all the AE transactions, that is pretty much built into the NXT API.
What is needed is something that shows all the gateway AM transactions. These are gateway specific interpretation of AM data. the reference client shows how to monitor the blockchain for these. there are some additional funcid's for server responses and checkpoints.

The first step is to just log all the deposit address and withdraw address AM's
and the gateway AM's

// client gateway funcids
#define GET_COINDEPOSIT_ADDRESS 'g'
#define SET_COINWITHDRAW_ADDRESS 'w'

// gateway internal funcids
#define BIND_DEPOSIT_ADDRESS 'b'
#define PENDING_SWEEP 's'
#define WITHDRAW_REQUEST '<'
#define MONEY_SENT 'm'

// NXTmixer functions
#define SEND_ANONYMOUS_PAYMENTS 'A'   
#define START_NEW_SESSION 'N'

// NXTcoins
#define CREATE_NXTCOINS 'C' // NXTcoins

https://github.com/jl777/multigateway/blob/master/jl777.h defines the AM structure

James
newbie
Activity: 31
Merit: 0
March 09, 2014, 06:28:08 PM
#53
I am going to give a basic transaction explorer a go.  jl777 can you elaborate a bit more as to what you want here?

Do you want a service that just lists every AE transaction, or do you want something takes an account number and lists all AE transactions for that user? I was reading through the API a bit today, and it looks fairly straightforward, so hopefully I can make some progress on it this week. I will probably start out by just making this a main prog, and then worry about making it a web service after.

Pages:
Jump to: